- From: Alexey Melnikov <alexey.melnikov@isode.com>
- Date: Fri, 06 Feb 2015 15:46:26 +0000
- To: Julian Reschke <julian.reschke@gmx.de>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
- CC: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org, Yutaka Oiwa <y.oiwa@aist.go.jp>
On 06/02/2015 10:01, Julian Reschke wrote: > On 2015-02-04 17:46, Julian Reschke wrote: >> On 2015-02-02 15:08, Rifaat Shekh-Yusef wrote: >>> This document does not define any semantics associated with these >>> header, which means that the document that uses these header will be >>> the >>> one that must address the information leak issue. >>> I do not see why we would restrict a future use of these headers based >>> on the Digest usage; this seems odd to me. >>> >>> Regards, >>> Rifaat >> >> Well, the goal for me was not to define anything new, but just to >> extract what we have already into something that can be maintained >> separately from DIGEST. As such, Hervé's comment made sense to me, and I >> updated the editor's copy accordingly: >> >> >> <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-auth-info-latest-from-previous.diff.html> >> >> >> >> Maybe other potential users of Auth-Info (Yutaka & Alexey) could state >> whether having this constraint would affect their ability to use >> Authentication-Info? >> >> Assuming that is not the case, I'd like to declare victory, submit a new >> draft, and ask Mark to start a WGLC... >> >> Best regards, Julian >> ... > > Seeing no additional feedback, I went ahead and submitted draft 01. I think your definition would work for the SCRAM draft.
Received on Friday, 6 February 2015 15:47:34 UTC